CVE-2023-6287: Use POST for starting backup restore job
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows a local attacker to retrieve passwords by reading log files.
When restoring a backup, the passphrase is submitted through a web form. The form used the GET method, so the passphrase ended up in the URL query string and was written to the Apache access log.
We found this vulnerability internally.
Indicators of Compromise: Check /var/log/apache2/access.log for occurrences of passphrase
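An added example of the check described above (not part of the original Werk): it scans Apache access-log lines for requests whose query string carries a passphrase parameter and reports the client, timestamp and path without echoing the secret value. The log lines, the /webconf/restore path and the exact parameter name "passphrase" are constructed assumptions for this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Apache combined log format: client ident user [time] "METHOD target HTTP/x" status size ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Query-string keys whose presence in a logged request target indicates a leaked secret.
SENSITIVE_KEYS = {"passphrase"}


def find_leaked_passphrases(lines):
    """Return one finding per log line whose request target carries a sensitive key.

    Only client, time, method, path and key names are reported; the secret value is
    never copied out of the log, so the report does not reproduce the leak.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log request line; skip it
        parts = urlsplit(m.group("target"))
        keys = set(parse_qs(parts.query, keep_blank_values=True))
        leaked = sorted(keys & SENSITIVE_KEYS)
        if leaked:
            findings.append({"client": m.group("client"), "time": m.group("time"),
                             "method": m.group("method"), "path": parts.path, "keys": leaked})
    return findings


def scan_access_log(path="/var/log/apache2/access.log"):
    """Run the check against a real log file on the appliance."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_leaked_passphrases(fh)


# Constructed sample: one vulnerable GET submission, one fixed POST submission, one unrelated hit.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Dec/2023:10:15:32 +0000] "GET /webconf/restore?backup=nightly&passphrase=hunter2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [05/Dec/2023:10:16:01 +0000] "POST /webconf/restore HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [05/Dec/2023:10:17:45 +0000] "GET /webconf/index HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in find_leaked_passphrases(SAMPLE_LOG):
        print(f"{f['time']} {f['client']} {f['method']} {f['path']} leaked keys: {', '.join(f['keys'])}")
```

A hit means the passphrase is present in the log file and should be treated as exposed; rotating it and purging or restricting access to the affected log is the follow-up.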
Vulnerability Management: We have rated the issue with a CVSS Score of 3.3 (Low) with the following CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. We assigned CVE-2023-6287 to this vulnerability.
Changes: With this Werk, the form's method is changed to POST, so the passphrase is no longer part of the URL and is no longer written to the access log.